1

I have a doubt with Sql Inject Me Add-on. It does not work on my web page for testing SQLinjection. My web page is created using extjs 4

In the sql inject me side bar 'Sorry,This page has no forms ' is shown. actually that web page contain forms. How can I fix this? And what is the reason for this error?

ѕтƒ
  • 3,547
  • 10
  • 47
  • 78
Gapchoos
  • 1,422
  • 5
  • 20
  • 40
  • Your error description is very poor. Our crystal balls can't figure out how your page looks like and then it is a bit hard to figure out why you get a specific error. – Albin Sunnanbo Feb 27 '13 at 10:16
  • 1
    lol @ crystal balls. ExtJs doesn't use
    to submit data but an XMLHttp request. It is a good thing that the injection doesn't work.. right?
     – A1rPun Feb 27 '13 at 10:25
  • 2
    @Gapchoos If know the action attribute and the parameters to POST/GET, use sqlmap to test for the injection. – Cyril Feb 27 '13 at 10:42

1 Answers1

3

Looking at the ExtJS4 samples - http://cdn.sencha.com/ext-4.1.1a-gpl/examples/simple-tasks/index.html - it looks this framework appears to produce all functionality entirely in JavaScript and examining the generated source it doesn't seem to use normal form tags at all when generating these UI elements.

I think SQL Inject is looking at the source, not seeing any standard HTML forms and then returning the observed error.

Without knowing much more about this framework I would hazard a guess that you can't use the SQL Inject tool with it.

Jon Malcolm
  • 461
  • 3
  • 12
  • 1
    This is true! The framework can use standard submit methods if the property `standardSubmit:true` is configured for the form. – A1rPun Feb 27 '13 at 10:30